KMSAN: uninit-value in aes

Kernel	Title	Rank 🛈	Repro	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in aes_encrypt (5) ext4	7	C	2013	18d	545d	0/29	closed as invalid on 2025/10/10 13:01
upstream	KMSAN: uninit-value in aes_encrypt (4) net	7	C	15041	656d	1871d	0/29	auto-obsoleted due to no activity on 2024/03/19 00:25
upstream	KMSAN: uninit-value in aes_encrypt (6) ext4 fscrypt	7		2	12d	14d	0/29	closed as dup on 2025/10/14 14:57
upstream	KMSAN: uninit-value in aes_encrypt (2) crypto	7	C	52	2164d	2193d	0/29	closed as dup on 2019/11/19 02:55
upstream	KMSAN: uninit-value in aes_encrypt (3) crypto	7	C	2	1925d	1925d	0/29	closed as invalid on 2020/07/22 14:12

================================================================== BUG: KMSAN: uninit-value in aes_encrypt+0x4d34/0x5990 crypto/aes_generic.c:1356 CPU: 0 PID: 3570 Comm: syzkaller681771 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 aes_encrypt+0x4d34/0x5990 crypto/aes_generic.c:1356 crypto_cipher_encrypt_one include/linux/crypto.h:1568 [inline] crypto_cbcmac_digest_update+0x393/0x530 crypto/ccm.c:899 crypto_shash_update crypto/shash.c:117 [inline] shash_ahash_update crypto/shash.c:239 [inline] shash_async_update+0x290/0x360 crypto/shash.c:247 crypto_ahash_update include/crypto/hash.h:522 [inline] gcm_hash_update crypto/gcm.c:235 [inline] gcm_hash_remain crypto/gcm.c:242 [inline] gcm_hash_crypt_continue crypto/gcm.c:316 [inline] gcm_hash_assoc_remain_continue crypto/gcm.c:346 [inline] gcm_hash_init_continue crypto/gcm.c:402 [inline] gcm_hash+0x184f/0x24a0 crypto/gcm.c:430 gcm_encrypt_continue crypto/gcm.c:455 [inline] crypto_gcm_encrypt+0xa13/0xaf0 crypto/gcm.c:484 _aead_recvmsg include/crypto/aead.h:370 [inline] aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334 sock_recvmsg_nosec net/socket.c:803 [inline] sock_recvmsg+0x1d0/0x230 net/socket.c:810 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205 __sys_recvmsg net/socket.c:2250 [inline] SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262 SyS_recvmsg+0x54/0x80 net/socket.c:2257 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x445789 RSP: 002b:00007f58ddf79da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445789 RDX: 0000000000000000 RSI: 0000000020001440 RDI: 000000000000000c RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac20 R13: b7db545ced0cb6b3 R14: e581e305b075070a R15: 0000000000000006 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline] kmsan_save_stack mm/kmsan/kmsan.c:293 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521 __crypto_xor+0x95f/0x16b0 crypto/algapi.c:1020 crypto_xor include/crypto/algapi.h:210 [inline] crypto_cbcmac_digest_update+0x287/0x530 crypto/ccm.c:893 crypto_shash_update crypto/shash.c:117 [inline] shash_ahash_update crypto/shash.c:239 [inline] shash_async_update+0x290/0x360 crypto/shash.c:247 crypto_ahash_update include/crypto/hash.h:522 [inline] gcm_hash_update crypto/gcm.c:235 [inline] gcm_hash_assoc_remain_continue crypto/gcm.c:344 [inline] gcm_hash_init_continue crypto/gcm.c:402 [inline] gcm_hash+0x8b5/0x24a0 crypto/gcm.c:430 gcm_encrypt_continue crypto/gcm.c:455 [inline] crypto_gcm_encrypt+0xa13/0xaf0 crypto/gcm.c:484 _aead_recvmsg include/crypto/aead.h:370 [inline] aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334 sock_recvmsg_nosec net/socket.c:803 [inline] sock_recvmsg+0x1d0/0x230 net/socket.c:810 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205 __sys_recvmsg net/socket.c:2250 [inline] SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262 SyS_recvmsg+0x54/0x80 net/socket.c:2257 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline] kmsan_save_stack mm/kmsan/kmsan.c:293 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521 __crypto_xor+0x95f/0x16b0 crypto/algapi.c:1020 crypto_xor_cpy include/crypto/algapi.h:229 [inline] ctr_crypt_final arch/x86/crypto/aesni-intel_glue.c:479 [inline] ctr_crypt+0x432/0x4f0 arch/x86/crypto/aesni-intel_glue.c:521 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline] simd_skcipher_encrypt+0x221/0x320 crypto/simd.c:77 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline] crypto_gcm_encrypt+0x53e/0xaf0 crypto/gcm.c:483 _aead_recvmsg include/crypto/aead.h:370 [inline] aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334 sock_recvmsg_nosec net/socket.c:803 [inline] sock_recvmsg+0x1d0/0x230 net/socket.c:810 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205 __sys_recvmsg net/socket.c:2250 [inline] SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262 SyS_recvmsg+0x54/0x80 net/socket.c:2257 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Local variable description: ----keystream.i@ctr_crypt Variable was created at: ctr_crypt+0x4a/0x4f0 arch/x86/crypto/aesni-intel_glue.c:504 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline] simd_skcipher_encrypt+0x221/0x320 crypto/simd.c:77 ==================================================================

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2018/04/08 10:58	https://github.com/google/kmsan.git master	e2ab7e8abba4	66f22a7f	.config	console log	report	syz	C			ci-upstream-kmsan-gce
2018/04/08 10:31	https://github.com/google/kmsan.git master	e2ab7e8abba4	66f22a7f	.config	console log	report					ci-upstream-kmsan-gce

Crashes (2):

Assets (help?)